Windows 10 gets out-of-band patch for PrintNightmare vulnerability
Patch Tuesday isn’t until next Tuesday, but Windows is already getting cumulative updates this week. Microsoft is addressing a critical vulnerability in various Windows 10 versions, including the latest version 21H1, but also going back to the original Windows 10 release. The update is meant to address a Windows 10 vulnerability called PrintNightmare, which was disclosed last week. This vulnerability allows attackers to leverage the Windows Print Spooler service to take over an organization’s domain to spread malware.
Technical details and a proof-of-concept for the vulnerability were accidentally revealed because researchers conflated the vulnerability with another issue, labeled CVE-2021-1675, that was patched last week. That issue was addressed in the June Patch Tuesday update for Windows 10, but the PrintNightmare vulnerability wasn’t. The researchers then published the technical details of exploiting the vulnerability before it was patched, leaving servers open to attacks. This prompted the Cybersecurity & Infrastructure Security Agency to encourage server admins to disable the Windows Print Spooler service.
The severity of this vulnerability and the accidental disclosure prompted Microsoft to quickly release a patch. The vulnerability is now identified as CVE-2021-34527, and it’s been patched in today’s out-of-band update. The update that fixes the issue is labelled KB5004945 if you’re using Windows 10 versions 21H1, 20H2, or 2004, and it’ll bring you to build number 19043.1083, 19042.1083, or 19041.83, respectively, for each of those versions. You can download the update manually here. This fix is pretty much all that’s new, and Microsoft has shared some detail on the vulnerability. Here’s what the changelog says:
Addresses a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527. After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system’s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating systems, starting with devices that currently host the print server role. You also have the option to configure the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.
For other versions, you can find the links to the KB articles and download links below:
| Windows 10 version | KB article | Build number | Download |
This update is mandatory, so it’s available through Windows Update and it will install automatically. You can use the download links to get it faster, though. Of course, this doesn’t change the schedule for next week’s Windows updates. Those should include a lot more fixes, and they will also be mandatory.
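To check a single machine against the three mitigations mentioned above (the Print Spooler service state, the KB5004945 update, and the RestrictDriverInstallationToAdministrators setting), an admin could run something like the following PowerShell. This is an added example, not code from Microsoft or from the original article; the function name is hypothetical, and the registry path is an assumption taken from Microsoft's KB5005010 guidance, since the article names only the value.

```powershell
# Added example: report PrintNightmare-related state for the local machine.
# Get-PrintNightmareStatus is a hypothetical name chosen for this example.
function Get-PrintNightmareStatus {
    [CmdletBinding()]
    param(
        # KB named in the article for Windows 10 versions 21H1, 20H2 and 2004.
        # Other Windows versions use a different KB; pass it here.
        [string]$KbId = 'KB5004945'
    )

    # Assumption: policy key as documented in KB5005010 (not stated in the article).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $valueName = 'RestrictDriverInstallationToAdministrators'

    # Spooler state: CISA's interim advice was to disable the service on servers.
    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    # Patch state: a later cumulative update can supersede this KB, so
    # "not found" means "verify the installed build", not "vulnerable".
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # Policy state: $null means the value is not configured and defaults apply.
    $restrict = $null
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    if ($policy -and $policy.PSObject.Properties[$valueName]) {
        $restrict = [int]$policy.$valueName
    }

    $spoolerRunning = [bool]($spooler -and $spooler.Status -eq 'Running')

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        SpoolerStatus     = if ($spooler) { [string]$spooler.Status } else { 'NotPresent' }
        SpoolerStartType  = if ($spooler) { [string]$spooler.StartType } else { $null }
        KbChecked         = $KbId
        KbInstalled       = [bool]$hotfix
        RestrictToAdmins  = $restrict
        # Flag hosts that still run the spooler without the out-of-band KB listed.
        NeedsReview       = ($spoolerRunning -and -not $hotfix)
    }
}

Get-PrintNightmareStatus | Format-List
```

Run it from an elevated PowerShell 5.1 or later session; machines flagged with NeedsReview are the ones to patch first or to have the spooler disabled until they are patched.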